What is DNS Flood Detector?
DNS Flood Detector was developed to detect abusive usage levels on high
traffic nameservers and to enable quick response to the use of one's
nameserver to facilitate spam. DNS Flood Detector is distributed under the
Gnu Public License (see included LICENSE file for details).

How does it work?
DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor
incoming dns queries to a nameserver. The tool may be run in one of two
modes, either daemon mode or "bindsnap" mode. In daemon mode, the tool
will alarm via syslog. In bindsnap mode, the user is able to get
near-real-time stats on usage to aid in more detailed troubleshooting.
By default, it will count dns queries directed to any address in the same
network as the primary IP address on the interface being watched; the -A,
-M, and -Q options can be used to modify this behaviour.

As of version 1.2, DNS Flood Detector can now send source IP request
data to a network-based collector as JSON. This lets you gather near
real-time information about who is using your DNS servers, and from
where. I've included a sample application called dns_flood_collector.pl,
which you can use to receive and report these data. The output of this
program can be easily fed into a graphing tool, such as Caida's
plot-latlong:

http://www.caida.org/tools/visualization/plot-latlong/

Why was it written?
I wrote DNS Flood Detector because the fifty or so public recursive nameservers
I was responsible for were being abused by both customers and non-customers. DNS
Flood Detector allowed for prompt action when anomalous conditions were detected.

Thank you Jim and Erik for your patches and troubleshooting; you have helped make
DNS Flood Detector a more useful tool for the Internet community!

What do I need to use it?
You need libpcap and a little bit of
patience. I have currently tested DNS Flood Detector on Linux, OSX, BSDI,
Solaris 9, and FreeBSD.

Will it run under Windows {95,98,ME,NT,2000,XP}?
Maybe. I haven't tried. If it doesn't, feel free to submit a fix.